DOD Focused On Protecting The Defense Industrial Base From Cyber Threats

David Vergun at the DOD News offer a piece on the Defense Department and cybersecurity.

The Defense Department relies on the entrepreneurial companies and their innovative, hard-working employees in the defense industrial base, or DIB, to create capabilities for warfighters.

Through procurements from private-sector sources, the department leverages the best technologies and innovations to give service members the battlefield advantages they need to win decisively, Deputy Defense Secretary Kathleen H. Hicks said.

"DIB cybersecurity is and will remain an expanding priority for the U.S. Department of Defense. More than 220,000 companies provide value to the department's force development, and the DIB is now facing increasingly sophisticated and well-resourced cyber-attacks that must be stopped," she said, referring to the defense industrial base. 

These cyber-attacks threaten the U.S. and the rules-based order on which the global economy relies, Hicks said. Markets cannot function effectively in an environment where adversarial countries are leveraging their national power to steal intellectual property, to sabotage commercial activity, and to threaten supply chains.

You can read the rest of the piece via the below link:

DOD Focused on Protecting the Defense Industrial Base From Cyber Threats > U.S. Department of Defense > Defense Department News 

Defense Secretary Esper Describes DOD's Increased Cyber Offensive Strategy

Jim Garamone at the Defense Department offers the below piece on Defense Secretary Esper (seen in the above photo) speaking about cybersecurity:

 Cyberspace is a warfighting domain, and the U.S. military must take an active role in defending the country and its allies from threats in that realm, Defense Secretary Mark T. Esper said.

Speaking at the Department of Homeland Security Cybersecurity and Infrastructure Security Agency's second annual Cybersecurity Summit near Washington, Esper said the National Defense Strategy sets the tone for the military's aggressive stance in the cyberworld.

Cyber is the domain of choice for states and groups that wish to attack the United States, its interests and its allies. ''Strategic competitors such as Russia and China are asserting their military power and challenging the rules-based international order,'' he said. 

Esper said the U.S. military has been waging war on land and sea for more than 200 years and in the air for 100 years, and that it remains dominant in those domains. But only in the past decade have officials been figuring out what fighting in cyberspace entails, he said. 

Just as we do on land, at sea, and in the air, we must posture our forces in cyberspace where we can most effectively accomplish our mission.'' 

The world is quickly becoming dependent on the capabilities that run through the cyber domain, from navigation to targeting to reconnaissance, the secretary noted. 

''While we are having success deterring conventional aggression against the United States, our adversaries are increasingly resorting to malign activity in less traditional areas to undermine our security,'' he said. ''There is perhaps no area where this is more true than in the cyber domain.'' 

Cyber has been part and parcel of what many call hybrid war – a blurring of the lines between peace and war, Esper said. ''For nation-states such as China, Russia, North Korea and Iran, engaging America and our allies below the threshold of armed conflict is a logical choice.''

Cyber allows adversaries to take on the United States and impose costs without confronting its traditional strengths, Esper said. 

Tracking down the perpetrators of a cyberattack is difficult, and attributing them is sometimes impossible, the secretary said, and opponents may conduct campaigns to steal sensitive DOD information in an effort to undermine military advantages. 

''When successful, this coordinated, malicious cyber activity puts us at risk by eroding our capabilities and disrupting our ability to operate once conflict ensues,'' he said.

DOD must respond to these challenges and is hardening networks and systems to continue to execute missions even while under cyberattack. 

''Training to operate in a degraded environment is now regularly built into our exercises, and our service members are quickly becoming aware of our cyber vulnerabilities,'' the secretary said.

But winning in cyberspace requires an offensive strategy, Esper told the summit audience. ''We need to do more than just play goal line defense,'' he said. ''As such, the department's 2018 Cyber Strategy articulates a proactive and assertive approach to defend forward of our own virtual boundaries.

''Just as we do on land, at sea, and in the air, we must posture our forces in cyberspace where we can most effectively accomplish our mission,'' he continued. ''Defending forward allows us to disrupt threats at the initial source before they reach our networks and systems. To do this, we must be in a position to continuously compete with the ongoing campaigns being waged against the United States. Not only does this protect us day-to-day, but enacting this strategy builds the readiness of our cyber warriors so they have the tools, skills and experience needed to succeed in conflict.''

The department is also working with other U.S. agencies to protect American prosperity and democratic institutions as foreign governments conduct operations aimed at 'influencing the American public at a scope and scale never before imagined,' Esper said. 

''The Department of Defense has an important role in defending the American people from this misinformation,'' he said, ''particularly as it pertains to preserving the integrity of our democratic elections.''

DOD demonstrated that capability during last year's midterm elections, the secretary said, with U.S. Cyber Command and the National Security Agency forming an interagency group that shared information, expertise and resources to protect the elections from foreign interference.

''We also expanded our cooperation to the Department of Homeland Security and the FBI and were prepared to provide direct support, if necessary,'' he said. 

DOD also developed capabilities and increased military capacity to detect, locate and exploit threats in the cyber domain with the same focus and energy as in the physical domains.

Finally, DOD had the authorities needed to more fully employ cyber capabilities in an offensive manner, Esper said. ''This policy reflects a shared understanding across the government of the need to maximize the effectiveness of the department’s cyber warriors,'' he added.

The department will take the lessons learned from the 2018 experiences and apply them moving into 2020. ''I consider election security an enduring mission for the Department of Defense,'' the secretary said. 

DOD officials for years have spoken of using a network to defeat a network, and the U.S. military is reaching out to allies and partners around the world to take on the challenge of cyberattacks. 

''Our ability to share information and operate on common communications networks serves as a force multiplier – but, it also comes with increased risk,'' he said. ''To guard against this, we must help our allies develop their own cyber resiliency.''

China is the greatest threat, Esper said, and the Chinese government is ''perpetrating the greatest intellectual property theft in human history.'' Chinese businesses are in thrall to the government, and any nation that partners with Chinese firms to build 5G networks put their own networks at risk. 

''This not only jeopardizes military interoperability and intelligence sharing, but can also compromise commercial institutions such as banks, hospitals and media outlets,'' Esper said. ''This is why it is so important that we work together from the very start to preserve the integrity of our cyber networks.''

Cyber Monday: Tis The Season To Practice Cybersecurity

The Department of Homeland Security (DHS) offers the below computer security tips:

The holiday season is upon us, and with it comes celebrations and gift-giving. An increasing number of consumers are conducting their holiday shopping online. You have probably heard of “Cyber Monday,” a marketing term for today, the Monday following Thanksgiving, when online retailers often begin to offer discounts and promotions to shoppers.

While online shopping offers increased convenience, it also provides opportunities for scammers to target consumers through fake websites, phony offers, and malicious apps. Ensure you have a safe and secure holiday shopping experience by following the tips below.

Improve your cyber posture and avoid online shopping scams by:

·         Remembering to hover over hyperlinks and think before you click. A common phishing tactic during the holidays is a phony email saying an order has shipped, with links like “Click here for expected delivery date” or prompts for your login and password to a particular website.

·         Avoiding making purchases over public Wi-Fi. Use your cellular data for financial transactions instead.

·         Using your credit card rather than your debit card for online purchases. Credit cards offer more consumer protections if your card is compromised and will not impact your checking account like a debit card. Continue to monitor your credit card and bank statements regularly to detect any fraudulent activity that might go unnoticed.

·         Choosing encrypted shopping websites for safer transactions. There are two ways to tell if a site uses encryption: a closed padlock icon in the status bar at the bottom of your browser window or at the top of the browser window, or a website address that begins with “https:” rather than just “http:”.

·         Heeding “certificate error” messages. If you receive a notice that says “certificate error,” examine who issued the certificate, ensure the name matches the site you are visiting, and ensure the certificate has not expired.

·         Downloading vetted apps. Never install software outside of your phone’s designated app store, and only use trusted vendor apps when shopping from your phone.

·         Creating strong passwords. Avoid using the same password for your online accounts; otherwise, one compromised account can translate to multiple compromised accounts.

CIA On Chinese Cyberspying

Veteran national security reporter Bill Gertz offers a piece in the Washington Times on Communist Chinese cyberespionage and other national security items.

A senior CIA analyst said China is continuing to conduct aggressive cyberespionage operations against the U.S., contrary to claims by security experts who say Beijing curbed cyberattacks in the past few years.

“We know the Chinese are very active in targeting our government, U.S. industry and those of our partners through cyberespionage,” said Michael Collins, deputy assistant CIA director and head of the agency’s East Asia Mission Center.

“It’s a very real, big problem, and we need to do more about it,” Mr. Collins told a recent security conference in Aspen, Colorado.

Mr. Collins said solving the problem of Chinese cyberattacks will require an “all-of-government, all-of-country approach to pushing back against it.”

The comments contradict a number of cybersecurity experts who have said Beijing’s digital spying and information theft decreased sharply as a result of the 2015 agreement between President Obama and Chinese President Xi Jinping.

The two leaders announced the cyber deal with great fanfare and said both countries had agreed to curtail cyberespionage against businesses.

You can read the rest of the piece via the below link:

http://www.washingtontimes.com/news/2017/jul/26/cias-china-cyberattack-analysis-contradicts-securi/?mkt_tok=eyJpIjoiWWpnek9EVTBOREkzWkRreiIsInQiOiJXakJmM2lzV05td1BxaWZZSzVCNUtBU2F3Z2phcEV0c3NXYXRUUTJqVlJJQTg5TktvRzhhSVI2OWdqMlI4K25mcHlKZ29HZ3V5dktcL2FTRVBmRkhoQmxLdEZ1bVJHOXFRWTY4WEt4bTlVeVlJNnpadmxKYjViZmdUWk1kbmhRXC8zIn0%3D 

Krauthammer On The Incident In Hangzhou And The International Disdain For President Obama

Charles Krauthammer's column in the Washington Post covers the incident in Hangzhou involving President Obama exit through the "ass of the plane."

The president of the United States lands with all the majesty of Air Force One, waiting to exit the front door and stride down the rolling staircase to the red-carpeted tarmac. Except that there is no rolling staircase. He is forced to exit — as one China expert put it rather undiplomatically — through “the ass” of the plane.

This happened Saturday at Hangzhou airport. Yes, in China. If the Chinese didn’t invent diplomatic protocol, they surely are its most venerable and experienced practitioners. They’ve been at it for 4,000 years. They are the masters of every tributary gesture, every nuance of hierarchical ritual. In a land so exquisitely sensitive to protocol, rolling staircases don’t just disappear at arrival ceremonies. Indeed, not one of the other G-20 world leaders was left stranded on his plane upon arrival.

Did President Xi Jinping directly order airport personnel and diplomatic functionaries to deny President Obama a proper welcome? Who knows? But the message, whether intentional or not, wasn’t very subtle. The authorities expressed no regret, no remorse and certainly no apology. On the contrary, they scolded the media for even reporting the snub.

No surprise. China’s ostentatious rudeness was perfectly reflective of the world’s general disdain for Obama. His high-minded lectures about global norms and demands that others live up to their “international obligations” are no longer amusing. They’re irritating.

...Now the latest. At the G-20, Obama said he spoke to Putin about cyberwarfare, amid revelations that Russian hackers have been interfering in our political campaigns. We are more technologically advanced, both offensively and defensively, in this arena than any of our adversaries, said Obama, but we really don’t want another Cold War-style arms race.

Instead, we must all adhere to norms of international behavior. 

It makes you want to weep. This KGB thug adhering to norms? He invades Ukraine, annexes Crimea, bombs hospitals in Aleppo — and we expect him to observe cyber-code etiquette? Rather than exploit our technological lead — with countermeasures and deterrent threats — to ensure our own cyber-safety?

You can read the rest of the column via the below link:

https://www.washingtonpost.com/opinions/global-opinions/incident-in-hangzhou/2016/09/08/c1da28f4-75f2-11e6-be4f-3f42f2e5a49e_story.html?utm_term=.d62def0913b8&wpisrc=nl_headlines&wpmm=1

FBI: Syrian Cyber Hackers Charged - Two From ‘Syrian Electronic Army’ Added To Cyber’s Most Wanted

The FBI added two Syrians to their Cyber's Most Wanted list.

Three members of a Syrian hacker collective that hijacked the websites and social media platforms of prominent U.S. media organizations and the U.S. military were charged today in federal court with multiple conspiracies related to computer hacking.

In two criminal complaints unsealed in the Eastern District of Virginia, Amad Umar Agha, Firas Dardar, and Peter Romar were charged with criminal conspiracies related to their roles targeting Internet sites—in the U.S. and abroad—on behalf of the Syrian Electronic Army (SEA), a group of hackers that supports the regime of Syrian President Bashar al-Assad. The affected sites—which included computer systems in the Executive Office of the President in 2011 and a U.S. Marine Corps recruitment website in 2013—were deemed by SEA to be antagonistic toward the Syrian government.

According to the charges, Agha, 22, known online as “The Pro,” and Dardar, 27, engaged in a multi-year conspiracy that began in 2011 to collect usernames and passwords that gave them the ability to deface websites, redirect domains to sites controlled by the conspirators, steal e-mail, and hijack social media accounts. To obtain the login information they used a technique called “spear-phishing,” where they tricked people who had privileged access to their organizations’ websites and social media channels into volunteering sensitive information by posing as a legitimate entity.

The FBI today added Agha and Dardar—both believed to be in Syria—to its Cyber’s Most Wanted. The Bureau is offering a reward of up to $100,000 each for information that leads to their arrest; anyone with information is asked to contact the FBI or the nearest U.S. Embassy or consulate. Tips can also be submitted online at tips.fbi.gov.

You can read the rest of the report and view photos via the below link:

https://www.blogger.com/blogger.g?blogID=1731027273906838992#editor/target=post;postID=3591982123422981634

Defense, Intel Leaders: Cybersecurity Priorities Are Defense, Deterrence

Cheryl Pellerin at the DoD News offers the below report:

WASHINGTON September 29, 2015 — Defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities, top officials from the Defense Department and the intelligence community told a Senate panel here today.

Deputy Defense Secretary Bob Work testified on cybersecurity policy and threats before the Senate Armed Services Committee. Joining him were Director of National Intelligence James R. Clapper and Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command and director of the National Security Agency.

In his remarks to the panel, Clapper said that for the third year in a row, cyberthreats headed the list of threats reported in the annual National Intelligence Worldwide Threat Assessment.

“Although we must be prepared for a large Armageddon-scale strike that would debilitate the entire U.S. infrastructure, that is not … the most likely scenario,” Clapper added.

Integrating Intelligence

The primary concern is low- to moderate-level cyberattacks from a growing range of sources that will continue and probably expand, he said, adding that in the future he expects to see more cyber operations that manipulate electronic information to compromise its integrity, as opposed to deleting or disrupting access to it.

Clapper said President Barack Obama has directed him to form a small center that will integrate cyberthreat intelligence from across federal agencies, as do centers established over the years for counterterrorism, counterproliferation and counterintelligence.

In his remarks to the panel, Work said recent cyber intrusions involving the Office of Personnel Management, the Joint Staff and Sony by three separate state actors are “not just espionage of convenience, but a threat to our national security.”

Earlier this year, the department released a new strategy to guide the development of its cyber forces and strengthen its cybersecurity and cyber deterrence postures. The previous cyber strategy was released in 2011.

DoD Core Missions

As laid out in the new strategy, DoD’s core missions are to defend DoD network systems and information, defend the nation against cyber events of significant consequence, and provide cyber support to operational and contingency plans.

“In this regard, U.S. Cyber Command may be directed to conduct cyber operations in coordination with other government agencies … to deter and defeat strategic threats in other domains,” Work said.

On cyber deterrence, Work acknowledged that he and Defense Secretary Ash Carter “recognize that we are not where we need to be in our deterrent posture,” and the revised strategy is designed to help improve cyber deterrence.

Deterrence works by convincing any potential adversary that the costs of conducting an attack far outweigh potential benefits, Work said, describing the three pillars of the cyber deterrence strategy as denial, resilience and cost imposition.

Cyber Deterrence

“Denial means preventing the cyber adversary from achieving his objectives; resilience is ensuring that our systems will perform their essential military tasks even when they are contested in the cyber environment; and cost imposition is our ability to make our adversaries pay a much higher price for malicious activities than they [expected],” the deputy secretary explained.

Work said that because nearly every successful network exploitation involving the Defense Department can be traced to one or more human errors that allowed entry into the network, raising the level of individual cybersecurity awareness and performance is critical.

“As part of this effort, we recently published a cybersecurity discipline implementation plan and a scorecard that is brought before the secretary and me every month,” he said.

The scorecard holds commanders accountable for hardening and protecting their critical systems, and allows them to hold their personnel accountable, Work said, noting that the first scorecard was published in August.

“Denial also means defending the nation against cyberthreats of significant consequence,” Work said, “and the president has directed DoD, working in partnership with other agencies, to be prepared to blunt and stop the most dangerous cyber events.”

Fighting Through Cyberattacks

On resilience, Work explained that adversaries view DoD's cyber dependence as a potential wartime vulnerability, so the department views its ability to fight through cyberattacks as a critical mission function.

“That means normalizing cybersecurity as part of our mission-assurance efforts, building redundancy whenever our systems are vulnerable, and training constantly to operate in a contested environment. Our adversaries have to see that these cyberattacks will not provide them a significant operational advantage,” Work said.

The third aspect of deterrence means demonstrating the ability to respond through cyber and non-cyber means to impose costs on a potential adversary.

“The administration has made clear that we respond to cyberattacks in the time, manner and place of our choosing, and the department has developed cyber options to hold an aggressor at risk in cyberspace if required,” Work said.

Measurable Progress

During his testimony, Rogers said the military is in constant contact with agile, learning adversaries in cyberspace who have shown the capacity and willingness to take action against soft targets in the United States.

Some countries are integrating cyber operations into a total strategic concept for advancing their regional ambitions, he said, “to use cyber operations to influence the perceptions and actions of states around them and shape what we see as our options for supporting allies and friends in a crisis.”

“We need to deter these activities by showing that they are unacceptable, unprofitable and risky for the instigators,” he added.

U.S. Cyber Command is building capabilities that contribute to deterrence, the admiral told the panel.

“We are hardening our networks and showing an opponent that cyber aggression won't be easy,” Rogers said. “We are creating the mission force -- trained and ready like any other maneuver element that is defending DoD networks -- supporting joint force commanders and helping defend critical infrastructure within our nation.”

U.S. Cyber Command has made measurable progress, he added. “We are achieving significant operational outcomes and we have a clear path ahead."

Cyber, The Fifth Operational Domain In Warfare: Cybersecurity Demands Culture Change, DoD Official Says

Lisa Ferdinando at the DoD News offers the below report: WASHINGTON September 18, 2015 — A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department's chief information officer said here yesterday. "What keeps me awake is 'Will we get the cyber culture right?'" said Terry Halvorsen, opening a daylong cybersecurity meeting of government and industry experts. At the 6th Annual Billington Cybersecurity Summit, Halvorsen highlighted three areas in cyber culture he said need to be addressed: discipline, economics and enterprise. Cyber, the fifth domain in warfare, is different from other warfare areas because of the rapid speed at which things change, he said. With the evolving threats, the thinking on cybersecurity needs to evolve as well. "Culture is the hardest thing to change," he said. "That's why it keeps me awake at night." The United States is dependent on cyber more than probably any other nation, certainly more than any other military in the world, he said. While that gives America some "really powerful advantages" in warfare and business, he said, it also makes it the "most vulnerable to cyber interdiction." Cyber-Economics A threat, whether a criminal or a nation-state, can spend a "fairly small sum of money and cause us to spend quite a bit of money," Halvorsen said. "Right now, we are on the wrong side of that cyber-economic curve." Better discipline, Halvorsen said, would raise the "cost of entry," thwarting some of the smaller players. "Today almost anybody with a laptop, a little bit of sense and a little bit of money can go on the Internet, download some tools and cause a problem," he said. There is a need for a culture and understanding that there are "rules of engagement " and "rules of the road that apply whether you are inside DoD or frankly if you are on your own [computer] system," he said. "We are focused on building, generating, sustaining and ensuring we have a ready cyber force within the Department of Defense," said Air Force Lt. Gen. James "Kevin" McLaughlin, the deputy commander of U.S. Cyber Command. In 2013, the command embarked upon a "four-year sprint" to bring 133 new cyber teams together across the military services, involving some 6,200 people, he said. The command is about half-way through in creating the teams, he added. "In some cases, we're employing these units before they're even at initial operating capability when they have recognizable units that can function because the need for them is so dire," McLaughlin  said. "We're aggressively putting capability in the fight." Cyber Ops, Threats Everywhere "Cyber, unlike probably any other warfare area in the past, is completely ubiquitous in everything we do," Halvorsen said. Cyber is unique from the other domains, he said, because it is so interconnected and has no geographical boundaries. "It is going to require us to be more enterprise in our cultural understanding and actions with it," he said. DoD civilian and military leaders need to understand the importance of cyber defense, Halvorsen said, adding that "we've got to get cyber into every level of command." Cyber operators are "wrestling daily with the challenges of operating a domain while also simultaneously defending it," according to Air Force Brig. Gen. Robert Skinner, deputy commander, Joint Force Headquarters-Department of Defense Information Networks. "We constantly balance the risk with the inherent capabilities in the cyber domain to ensure our warfighters are successful in everything that they do," Skinner said. Cyber was made the fifth operational domain in 2010, and the first functional one, he pointed out. "While we've held a decisive and dominant advantage in all the other domains, that's not necessarily the case in the cyber domain," Skinner said.

Chairman Of The Joint Chiefs Of Staff Gives Shorthand Account of Challenges U.S. Faces

Jim Garamone at the American Forces Press Service offers the below piece:

WASHINGTON, May 14, 2014 – Defense strategy is complicated, the chairman of the Joint Chiefs of Staff said today at the Atlantic Council, but his “elevator pitch” boils down to the mnemonic aid “2,2,2,1.”

Army Gen. Martin E. Dempsey said the number string refers to: -- Two heavyweights – China and Russia; -- Two middleweights – Iran and North Korea; -- Two networks – al-Qaida and the transnational criminal network; and  -- Cybersecurity.

“The world in which we live and the security we seek and the actions we take are conducted strategically in the context of what it will mean to the two heavyweights,” he said.  The threat of al-Qaida is known, but it is changing, the chairman said. Al-Qaida is a network running from Pakistan and Afghanistan through Iraq and Syria, across the Arabian Peninsula and into North Africa. Boko Haram in Nigeria is the latest affiliate of the group to manifest itself.

“It’s a network, and it doesn’t mean that network is one, coherent ideologically or financially linked organization,” he said. “They syndicate themselves when it works to their convenience.” Defense planners must think of al-Qaida as a network that will be a generational challenge,” Dempsey said. “That is to say 20 or 30 years,” he added. 

The transnational criminal network that runs in the Western Hemisphere doesn’t receive the attention it should get, the chairman said. “We tend to think of that as a drug-trafficking network, but it is equally capable and often found to be trafficking in illegal immigrants and arms and laundering money,” he said. “It’s extraordinarily capable and extraordinarily wealthy, and it can move anything for the highest bidder.”

Cyber remains a problem that must be addressed, Dempsey said, adding that he is worried about the nation’s lack of preparedness for an attack. “We have sectors within our nation that are more ready than others,” he said. “But we don’t have a coherent cyber strategy as a nation.” Privacy, cost and information-sharing are just a few of the issues that must be addressed before a comprehensive strategy can be emplaced, he said.

“Another thing that concerns me about cyber is not just the denial or the destruction of entire networks -- which would be a problem in the financial sector or in critical infrastructure -- but I worry equally about the corruption of data,” he said. “We’ve become a technologically savvy … and dependent organization. And we rely on three things: … precision, navigation and time. “Our joint force is agile,” he continued. “It’s adaptable, … it embraces change and is eager for change. But what it isn’t eager to accept is uncertainty, and we’ve got too much uncertainty in our budget condition right now.”

Each security concern requires a different approach, the chairman said. The United States deters through the use of all levers of power -- diplomacy, economic and military. But they are wielded differently if facing a heavyweight or a middleweight, he added. And networks don’t respond to the same pressures as nations, he noted, calling cyber a whole new world.

Cybercom Commander Calls Cybersecurity Order First Step

U.S. Army Sgt. 1st Class Tyrone C. Marshall at the American Forces Press Service offers the below piece:

WASHINGTON, Feb. 13, 2013 - The cybersecurity policy President Barack Obama announced during his annual State of the Union address is a step toward protecting the nation's critical infrastructure, the commander of U.S. Cyber Command said here today.

Army Gen. Keith B. Alexander (seen in the above official photo), also director of the National Security Agency, joined senior U.S. officials from the White House and the Commerce and Homeland Security departments to discuss strengthening the cybersecurity of the country's critical infrastructure.

"We need a way of sharing information between government and industry -- both for information sharing and hardening our networks," he said. "I think what we're doing in the executive order tackles, perhaps, the most difficult issue facing our country: How do we harden these networks when, across all of industry and government, those networks are in various states of array? We've got to have a way of reaching out with industry and with government to solve that kind of problem."

The general said the new cybersecurity policy is important to strengthening the country's defenses against cyberattacks. "The systems and assets that our nation depends on for our economy, for our government, even for our national defense, are overwhelmingly owned and operated by industry," he explained. "We have pushed hard for information sharing."

Private-sector companies have the information they need to defend their own networks in a timely manner, he said. "However, information sharing alone will not solve this problem," he added. "Our infrastructure is fragile." The executive order Obama signed to put the new cybersecurity policy into effect sets up a process for government and industry to start to address the problem, the general said.

But although the president's new executive order helps to bring about some solutions, Alexander said, it isn't comprehensive.

"This executive order is only a down payment on what we need to address the threat," he said. "This executive order can only move us so far, and it's not a substitute for legislation. We need legislation, and we need it quickly, to defend our nation. Agreeing on the right legislation actions for much-needed cybersecurity standards is challenging."

The executive order is a step forward, though, because it creates a voluntary process for industry and government to establish that framework, Alexander said.

"In particular, with so much of the critical infrastructure owned and operated by the private sector, the government is often unaware of the malicious activity targeting our critical infrastructure," he said. "These blind spots prevent us from being positioned to help the critical infrastructure defend itself, and it prevents us from knowing when we need to defend the nation."

The general noted government can share threat information with the private sector under this executive order and existing laws, but a "real-time" defensive posture for the military's critical networks will require legislation removing barriers to private-to-public sharing of attacks and intrusions into private-sector networks.

"Legislation is also necessary to create incentives for better voluntary cooperation in cyber standards, developments and implementation," he said, "and to update and modernize government authorities to address these new cyber threats."

Alexander warned that potential cyber threats to the United States are very real, pointing to recent examples.

"You only have to look at the distributed denial-of-service attacks that we've seen on Wall Street, the destructive attacks we've seen against Saudi Aramco and RasGas, to see what's coming at our nation," Alexander said. Now is the time for action, he said, and the new executive order takes a step in implementing that action.

In his role as director of the NSA, Alexander said, he is fully committed to the development of the cybersecurity framework.

"We do play a vital role in all of this, and in protecting DOD networks and supporting our combatant commands and defending the nation from cyber-attacks," he said. "But we can't do it all. No one agency here can do it all. It takes a team in the government."

And the government cannot do it by itself, either, he added. "We have to have government and industry working together as a team," he said.